1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { expect } from 'chai' | |
4 | import { SQLCommand } from '@server/tests/shared' | |
5 | import { wait } from '@shared/core-utils' | |
6 | import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models' | |
7 | import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands' | |
8 | ||
describe('Test oauth', function () {
  let server: PeerTubeServer
  let sqlCommand: SQLCommand

  // Shared assertions on a PeerTube OAuth2 problem document: the machine
  // readable error code, a fragment of the human readable message, and a
  // `type` URI that is absolute (https) and carries the same error code.
  function expectOAuthError (body: PeerTubeProblemDocument, code: string, messageFragment: string) {
    expect(body.code).to.equal(code)
    expect(body.error).to.contain(messageFragment)
    expect(body.type.startsWith('https://')).to.be.true
    expect(body.type).to.contain(code)
  }

  before(async function () {
    this.timeout(30000)

    // This suite performs many logins in a row, so the login rate limit is
    // raised above the number of attempts made below.
    server = await createSingleServer(1, {
      rates_limit: {
        login: {
          max: 30
        }
      }
    })

    await setAccessTokensToServers([ server ])

    sqlCommand = new SQLCommand(server)
  })

  describe('OAuth client', function () {
    // A wrong client id and a wrong client secret are both checked against
    // the same invalid_client document.
    const expectInvalidClient = (body: PeerTubeProblemDocument) =>
      expectOAuthError(body, OAuth2ErrorCode.INVALID_CLIENT, 'client is invalid')

    it('Should create a new client')

    it('Should return the first client')

    it('Should remove the last client')

    it('Should not login with an invalid client id', async function () {
      // Valid secret, unknown id.
      const badClient = { id: 'client', secret: server.store.client.secret }
      const body = await server.login.login({ client: badClient, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

      expectInvalidClient(body)
    })

    it('Should not login with an invalid client secret', async function () {
      // Valid id, wrong secret.
      const badClient = { id: server.store.client.id, secret: 'coucou' }
      const body = await server.login.login({ client: badClient, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

      expectInvalidClient(body)
    })
  })

  describe('Login', function () {
    // An unknown username and a wrong password are both checked against the
    // same invalid_grant code and message fragment, so, as far as these
    // assertions go, the response does not distinguish the two cases.
    const expectInvalidCredentials = (body: PeerTubeProblemDocument) =>
      expectOAuthError(body, OAuth2ErrorCode.INVALID_GRANT, 'credentials are invalid')

    it('Should not login with an invalid username', async function () {
      const badUser = { username: 'captain crochet', password: server.store.user.password }
      const body = await server.login.login({ user: badUser, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

      expectInvalidCredentials(body)
    })

    it('Should not login with an invalid password', async function () {
      const badUser = { username: server.store.user.username, password: 'mew_three' }
      const body = await server.login.login({ user: badUser, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

      expectInvalidCredentials(body)
    })

    it('Should be able to login', async function () {
      await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
    })

    it('Should be able to login with an insensitive username', async function () {
      // Three case variants of the same username, each with the stored
      // password, must all be accepted. Logins run one after the other.
      for (const username of [ 'RoOt', 'rOoT', 'ROOt' ]) {
        await server.login.login({ user: { username, password: server.store.user.password }, expectedStatus: HttpStatusCode.OK_200 })
      }
    })
  })

  describe('Logout', function () {
    // The tests in this block depend on each other's order: a token is
    // revoked, then replaced, then expired and refreshed through the DB.

    it('Should logout (revoke token)', async function () {
      await server.login.logout({ token: server.accessToken })
    })

    // The revoked token must be rejected on a read and on a write endpoint.
    it('Should not be able to get the user information', async function () {
      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should not be able to upload a video', async function () {
      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should be able to login again', async function () {
      // Fresh tokens are stored on the server handle for the tests below.
      const { access_token: accessToken, refresh_token: refreshToken } = await server.login.login()
      server.accessToken = accessToken
      server.refreshToken = refreshToken
    })

    it('Should be able to get my user information again', async function () {
      await server.users.getMyInfo()
    })

    it('Should have an expired access token', async function () {
      this.timeout(60000)

      // Expire both tokens directly in the database, then restart the server.
      // NOTE(review): the restart presumably drops any in-memory token state
      // so the DB change is observed - confirm.
      const now = new Date().toISOString()
      await sqlCommand.setTokenField(server.accessToken, 'accessTokenExpiresAt', now)
      await sqlCommand.setTokenField(server.accessToken, 'refreshTokenExpiresAt', now)

      await killallServers([ server ])
      await server.run()

      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should not be able to refresh an access token with an expired refresh token', async function () {
      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should refresh the token', async function () {
      this.timeout(50000)

      // Push the refresh token expiry one minute ahead; the restart below has
      // to complete within that window for the refresh to be accepted.
      const oneMinuteAhead = new Date(Date.now() + 1000 * 60).toISOString()
      await sqlCommand.setTokenField(server.accessToken, 'refreshTokenExpiresAt', oneMinuteAhead)

      await killallServers([ server ])
      await server.run()

      const { body: refreshed } = await server.login.refreshToken({ refreshToken: server.refreshToken })
      server.accessToken = refreshed.access_token
      server.refreshToken = refreshed.refresh_token
    })

    it('Should be able to get my user information again', async function () {
      await server.users.getMyInfo()
    })
  })

  describe('Custom token lifetime', function () {
    before(async function () {
      this.timeout(120_000)

      // Restart with both token lifetimes shortened to 2 seconds.
      await server.kill()
      await server.run({
        oauth2: {
          token_lifetime: {
            access_token: '2 seconds',
            refresh_token: '2 seconds'
          }
        }
      })
    })

    it('Should have a very short access token lifetime', async function () {
      this.timeout(50000)

      const { access_token: shortLived } = await server.login.login()
      await server.users.getMyInfo({ token: shortLived })

      // Past the configured lifetime the same token must be rejected.
      await wait(3000)
      await server.users.getMyInfo({ token: shortLived, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should have a very short refresh token lifetime', async function () {
      this.timeout(50000)

      const { refresh_token: initialRefresh } = await server.login.login()
      await server.login.refreshToken({ refreshToken: initialRefresh })

      // NOTE(review): if the refresh call above already rotates or invalidates
      // the refresh token it consumed, the 400 below would be returned even
      // without the wait; confirm which condition makes this assertion hold
      // before relying on it as the lifetime check.
      await wait(3000)
      await server.login.refreshToken({ refreshToken: initialRefresh, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })
  })

  after(async function () {
    // Release the direct DB connection before tearing the server down.
    await sqlCommand.cleanup()
    await cleanupTests([ server ])
  })
})